Page 64 of 792 results (0.021 seconds)

CVSS: 9.3EPSS: 2%CPEs: 31EXPL: 0

Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code by overriding NetConnection object properties to leverage an unspecified "type confusion," a different vulnerability than CVE-2016-1019. Adobe Flash Player en versiones anteriores a 18.0.0.343 y 19.x hasta la versión 21.x en versiones anteriores a 21.0.0.213 en Windows y OS X y en versiones anteriores a 11.2.202.616 en Linux permite a atacantes ejecutar código arbitrario sobrescribiendo las propiedades de objeto NetConnection para aprovechar una "confusión de tipo" no especificada, una vulnerabilidad diferente a CVE-2016-1019. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the NetConnection objects. By overriding specific object properties, it is possible to trigger a type confusion condition. • http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00044.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00045.html http://rhn.redhat.com/errata/RHSA-2016-0610.html http://www.securityfocus.com/bid/85930 http://www.securitytracker.com/id/1035509 http://www.zerodayinitiative.com/advisories/ZDI-16-227 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-050 https://helpx.adobe.com/security/products/flash-player/apsb16-10.html https: • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •

CVSS: 9.3EPSS: 3%CPEs: 31EXPL: 0

Use-after-free vulnerability in the LoadVars.decode function in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1011, CVE-2016-1013, CVE-2016-1016, and CVE-2016-1031. Vulnerabilidad de uso después de liberación de memoria en la función LoadVars.decode en Adobe Flash Player en versiones anteriores a 18.0.0.343 y 19.x hasta la versión 21.x en versiones anteriores a 21.0.0.213 en Windows y OS X y en versiones anteriores a 11.2.202.616 en Linux permite a atacantes ejecutar código arbitrario a través de vectores no especificados, una vulnerabilidad diferente de CVE-2016-1011, CVE-2016-1013, CVE-2016-1016 y CVE-2016-1031. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of LoadVars.decode. The issue lies in the failure to safely hold a reference to arguments during execution of the function. • http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00044.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00045.html http://rhn.redhat.com/errata/RHSA-2016-0610.html http://www.securityfocus.com/bid/85926 http://www.securitytracker.com/id/1035509 http://www.zerodayinitiative.com/advisories/ZDI-16-225 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-050 https://helpx.adobe.com/security/products/flash-player/apsb16-10.html https: • CWE-416: Use After Free •

CVSS: 9.3EPSS: 3%CPEs: 31EXPL: 0

Use-after-free vulnerability in the Transform object implementation in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code via a flash.geom.Matrix callback, a different vulnerability than CVE-2016-1011, CVE-2016-1013, CVE-2016-1017, and CVE-2016-1031. Vulnerabilidad de uso después de liberación de memoria en la implementación del objeto Transform en Adobe Flash Player en versiones anteriores a 18.0.0.343 y 19.x hasta la versión 21.x en versiones anteriores a 21.0.0.213 en Windows y OS X y en versiones anteriores a 11.2.202.616 en Linux permite a atacantes ejecutar código arbitrario a través de una llamada de retorno flash.geom.Matrix, una vulnerabilidad diferente a CVE-2016-1011, CVE-2016-1013, CVE-2016-1017 y CVE-2016-1031. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Transform objects. By setting a special callback on the flash.geom.Matrix object, an attacker can force a dangling pointer to be reused after it has been freed. • http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00044.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00045.html http://rhn.redhat.com/errata/RHSA-2016-0610.html http://www.securityfocus.com/bid/85926 http://www.securitytracker.com/id/1035509 http://www.zerodayinitiative.com/advisories/ZDI-16-226 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-050 https://helpx.adobe.com/security/products/flash-player/apsb16-10.html https: • CWE-416: Use After Free •

CVSS: 9.3EPSS: 2%CPEs: 31EXPL: 0

Stack-based buffer overflow in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code via crafted JPEG-XR data. Desbordamiento de buffer basado en pila en Adobe Flash Player en versiones anteriores a 18.0.0.343 y 19.x hasta la versión 21.x en versiones anteriores a 21.0.0.213 en Windows y OS X y en versiones anteriores a 11.2.202.616 en Linux permite a atacantes ejecutar código arbitrario a través de datos JPEG-XR manipulados. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of JPEG-XR files. The issue lies in the failure to properly check that an index is within the bounds of a buffer. • http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00044.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00045.html http://rhn.redhat.com/errata/RHSA-2016-0610.html http://www.securitytracker.com/id/1035509 http://www.zerodayinitiative.com/advisories/ZDI-16-228 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-050 https://helpx.adobe.com/security/products/flash-player/apsb16-10.html https://access.redhat.com/security/cve/CVE-2016& • CWE-787: Out-of-bounds Write •

CVSS: 10.0EPSS: 95%CPEs: 31EXPL: 0

Adobe Flash Player 21.0.0.197 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors, as exploited in the wild in April 2016. Adobe Flash Player 21.0.0.197 y versiones anteriores permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) o posiblemente ejecutar código arbitrario a través de vectores no especificados, según se ha explotado activamente en Abril de 2016. Adobe Flash Player allows remote attackers to cause a denial of service or possibly execute arbitrary code. • http://blogs.adobe.com/psirt/?p=1330 http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00055.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00044.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00045.html http://rhn •